On 12/22/2010 10:19 PM, dan (ddp) wrote:
>> Many thanks for your help dan.
>>
>> --
>> CL Martinez
>> carlopmart {at} gmail {d0t} com
>
> Not a problem. Can you post your final decoder for the archives? It
> might help someone else looking to do the same thing.
Of course, no problem. Here it is:
^type=\S+
On 12/22/2010 10:11 PM, carlopmart wrote:
> On 12/22/2010 09:54 PM, dan (ddp) wrote:
>> On Wed, Dec 22, 2010 at 3:17 PM, carlopmart wrote:
>>> On 12/22/2010 08:44 PM, dan (ddp) wrote:
>>>>
>>>> I don't have access to ossec-logtest right now, so you'll have to do
>>>> some testing with that on your own.
>>>> Everything I'm writing in this mail is untested. ;)
I don't have access to ossec-logtest right now, so you'll have to do
some testing with that on your own.
Everything I'm writing in this mail is untested. ;)
On Wed, Dec 22, 2010 at 12:41 PM, carlopmart wrote:
> Hi all,
>
> I am trying to decode auditd messages using OSSEC under RHEL6 host. To do
Hi all,
I am trying to decode auditd messages using OSSEC under a RHEL6 host. To do this I
followed this howto:
http://securestate.blogspot.com/2010/09/getting-ossec-to-parse-auditd.html.
My local_decoder.xml file is:
type=\S+ msg=audit
msg=
'PAM: \.+ acct="(\S+)" : exe="(\S+)" \(hostname=(